CVE-2012-1856

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2003 SP3, 2007 SP2 and SP3, 2010 SP1 Microsoft SQL Server versions 2000 SP4, 2005 SP4, 2008 SP2, SP3, R2, R2 SP1, and R2 SP2 Microsoft Commerce Server versions 2002 SP4, 2007 SP2, 2009 Gold and R2 Microsoft Host Integration Server version 2004 SP1 Microsoft Visual FoxPro versions 8.0 SP1, 9.0 SP2 Microsoft Visual Basic 6.0 Runtime

Description The issue is related to the TabStrip ActiveX control in the MSCOMCTL.OCX component, which can allow remote attackers to execute arbitrary code via a crafted document or web page, triggering system-state corruption.

Recommendations For Microsoft Office versions 2003 SP3, 2007 SP2 and SP3, 2010 SP1, update to a version that includes the fix for the MSCOMCTL.OCX vulnerability. For Microsoft SQL Server versions 2000 SP4, 2005 SP4, 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, apply the relevant security patch to address the vulnerability. For Microsoft Commerce Server versions 2002 SP4, 2007 SP2, 2009 Gold and R2, update to a version that includes the fix for the MSCOMCTL.OCX vulnerability. For Microsoft Host Integration Server version 2004 SP1, apply the relevant security patch to address the vulnerability. For Microsoft Visual FoxPro versions 8.0 SP1, 9.0 SP2, update to a version that includes the fix for the MSCOMCTL.OCX vulnerability. For Microsoft Visual Basic 6.0 Runtime, apply the relevant security patch to address the vulnerability.